Amid increased warnings of Russian interference in the midterm elections — and evidence that hackers are targeting candidates — congressional campaigns are trying to balance cybersecurity with the demands of competitive contests.

That’s especially difficult for small House campaigns. But experts warn that such campaigns, particularly in competitive races, are prime targets for hackers and foreign adversaries.

Traffic originating from Russia started increasing on Joe Radinovich’s campaign website around the time the Democratic-Farmer-Labor Party was conducting its endorsement process in the 8th District in northeastern Minnesota.

Since then, Radinovich staffers have continued to monitor their website and emails. They have instituted some cybersecurity best practices such as two-step authentication and haven’t detected additional suspicious activity.

Hagert said he was not surprised to see Russian interest in their campaign, given that the general election will be competitive.

North Branch Mayor Kirsten Kennedy, who is also running for the DFL nod, said her campaign received an interview request and later figured out it was from a Russian media outlet. She declined the interview.

Kennedy said she was extremely concerned about cyberattacks on elections and critical infrastructure such as power grids. Even though one of her consultants focuses on cybersecurity, she said her campaign could be better protected.

Prioritizing cybersecurity is still a balancing act for campaigns like Radinovich’s and Kennedy’s. Both have small staffs laser-focused on winning the Aug. 14 primary.

The same is true for scores of other congressional campaigns as warnings and evidence mount that Russian hackers will once again be looking to meddle in a U.S. election.

ICYMI: McConnell Warns Russians to Keep Out of Elections, Schumer Wants More Than Words

A real threat

The threat of Russian interference ranges from hacking election machines to facilitating misinformation campaigns — and even cyberattacks on campaigns themselves.

“I would be surprised if it didn’t happen,” Rep. Ted Lieu said. The California Democrat is a member of the House Judiciary Committee and a DCCC regional vice chair.

“Through our Defending Democracy Program, we’re working with political campaigns to protect them from hacking, and we’re exploring technical solutions to preserve and protect electoral processes,” Tom Burt, Microsoft’s corporate vice president for customer security and trust, said in an email.

Campaigns and party officials stress that they recognize cybersecurity is vital.

“I do think there has been an increase [in interest in cybersecurity] as we’ve gotten further in the cycle,” said Shauna Daly, who founded Progressive Security Corps last year to help campaigns defend against cyberattacks. “Whether that’s enough, I don’t really know.”

The revelations from Microsoft at the Aspen Security Forum signaled to House Intelligence ranking member Adam B. Schiff that the methods used by Russians to interfere in the 2016 election were back.

Russian hackers obtained documents damaging to Hillary Clinton’s presidential campaign and some other candidates when they successfully infiltrated the Democratic National Committee and the DCCC in 2016.

“They seem to be following the playbook,” Schiff, a California Democrat, said off the House floor last week.

News that McCaskill’s Senate staff had been the target of phishing emails linked to Russian hackers, first reported by The Daily Beast, was cast as the first sign of Russian meddling in 2018. The Missouri Senate race will be one of the most competitive in the country.

Some cybersecurity experts working with political organizations say the question isn’t if Russians and others will attempt to hack into campaigns — it’s how many they’ll target and if they’ll be successful.

And it’s not just foreign adversaries who are targeting campaigns. Experts warned that campaigns are vulnerable to attacks from others looking for opportunities to steal data or hijack it for ransom.

Former Gov. Phil Bredesen, a Tennessee Democrat who is running for Senate, notified federal authorities in March that his campaign received emails asking for money. The emails raised concerns that Bredesen’s campaign had been hacked. (The campaign did not return a request for comment.)

What’s being done

Most campaigns are not willing to discuss details about their cybersecurity practices — or even whether their staff receives cybersecurity training.

The DCCC has also issued guidelines and recommended specific technology to a “great deal” of campaigns, according to a committee aide.

The committee has also worked with specific vendors to offer discounted rates. Last year, it offered “caucus wide” briefings on cybersecurity to lawmakers, candidates and staff. The DCCC aide noted that “ultimately, it is up to their campaign to adopt and enforce these recommendations.”

Some have taken the committee’s advice.

The DCCC connected Democrat Mike Levin, who is running in California’s 49th District, with a cybersecurity specialist who is on his staff. Gil Cisneros, a Democrat running in the nearby 39th District, also employs a specialist on staff who ensures that all staffers are following cybersecurity protocols.

The concerns haven’t escaped Republicans. The National Republican Congressional Committee has a full time cybersecurity staff.

The entire staff for Minnesota Republican Carla Nelson participated in a May cybersecurity conference call with “Defending Digital Democracy,” a bipartisan project from Harvard University focused on election cybersecurity. The state senator is running in Minnesota’s 1st District, a Toss-up race.

Dugas said the May call included an overview of the program’s campaign cybersecurity playbook. She said the program hopes to hold additional conference calls, and the playbook has been distributed to more than 2,000 campaigns at the federal, state and local levels.

Slow to change

Dugas and others noted an uptick in campaigns interested in bolstering their cybersecurity as Election Day nears and news breaks of attempted hacks.

But some say there still is a lack of urgency, especially among campaigns with small staffs and limited resources.

“You’re using crappy chairs that make your back hurt for months. You save money on everything that you can,” said Daly, who was the DNC’s research director from 2009 to 2011.

Daly said it’s difficult to convince campaign staff to participate in an hour-long training about security.

“And until and unless they have been attacked, they don’t see the value of it,” she said.

Some campaign staffs may think they are too small and insignificant to be targeted, at least before winning a primary. But experts warn that campaigns in competitive races should not wait until after the primary election to follow best practices.

Dugas and Brian Franklin, a Democratic digital consultant who co-founded Campaign Defense, said campaigns can take steps that are cheap and relatively easy, such as using two-factor authentication and complex passwords.

Franklin said such practices, including training for staff, need to be mandated by the campaigns.

“If it’s not mandatory, you can’t expect people to voluntarily make their processes more difficult,” said Franklin, whose company is working with campaigns and party organizations to institute training and respond to breaches.

Daly suggested outside groups and donors should threaten to withhold money from campaigns not addressing the issue. Franklin said the campaign committees should also more be more aggressive in requiring training for campaign staff.

He also said there could be legal implications if campaigns are hacked. Lawyer Sue Friedberg, who specializes in cybersecurity, confirmed that states have various notification requirements if personal information is stolen.

For now the onus is on campaigns to implement guidelines and best practices.

It’s a similar challenge facing business startups, noted Mike Sager, the chief technology officer for EMILY’s List. He detailed his own suggestions for campaigns in a Medium post in May.

And whether campaigns like it or not, these experts say defending against cyberattacks is something campaigns will have to confront.

“This is never going to go away,” Sager said. “This is the world we live in now.”